Merge pull request #55 from dg/pull-cc
HttpRequest: drops non-UTF8 strings, but control characters only removes...
dg committed Feb 19, 2015
2 parents 03a422b + 091f141 commit 4384690
Showing 2 changed files with 12 additions and 34 deletions.
15 changes: 8 additions & 7 deletions src/Http/RequestFactory.php
@@ -19,7 +19,7 @@
class RequestFactory extends Nette\Object
{
/** @internal */
const CHARS = '#^[\x09\x0A\x0D\x20-\x7E\xA0-\x{10FFFF}]*+\z#u';
const CHARS = '\x09\x0A\x0D\x20-\x7E\xA0-\x{10FFFF}';

/** @var array */
public $urlFilters = array(
@@ -112,19 +112,20 @@ public function createHttpRequest()
}

// remove invalid characters
$reChars = '#^[' . self::CHARS . ']*+\z#u';
if (!$this->binary) {
$list = array(& $query, & $post, & $cookies);
while (list($key, $val) = each($list)) {
foreach ($val as $k => $v) {
if (is_string($k) && (!preg_match(self::CHARS, $k) || preg_last_error())) {
if (is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
unset($list[$key][$k]);

} elseif (is_array($v)) {
$list[$key][$k] = $v;
$list[] = & $list[$key][$k];

} elseif (!preg_match(self::CHARS, $v) || preg_last_error()) {
$list[$key][$k] = '';
} else {
$list[$key][$k] = (string) preg_replace('#[^' . self::CHARS . ']+#u', '', $v);
}
}
}
@@ -138,7 +139,7 @@ public function createHttpRequest()
$list = array();
if (!empty($_FILES)) {
foreach ($_FILES as $k => $v) {
if (!$this->binary && is_string($k) && (!preg_match(self::CHARS, $k) || preg_last_error())) {
if (!$this->binary && is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
continue;
}
$v['@'] = & $files[$k];
@@ -154,7 +155,7 @@ public function createHttpRequest()
if (get_magic_quotes_gpc()) {
$v['name'] = stripSlashes($v['name']);
}
if (!$this->binary && (!preg_match(self::CHARS, $v['name']) || preg_last_error())) {
if (!$this->binary && (!preg_match($reChars, $v['name']) || preg_last_error())) {
$v['name'] = '';
}
if ($v['error'] !== UPLOAD_ERR_NO_FILE) {
@@ -164,7 +165,7 @@ public function createHttpRequest()
}

foreach ($v['name'] as $k => $foo) {
if (!$this->binary && is_string($k) && (!preg_match(self::CHARS, $k) || preg_last_error())) {
if (!$this->binary && is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
continue;
}
$list[] = array(
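Review bot: In the new `else` branch of the value loop, a non-UTF-8 value ends up as `''` only because `preg_replace()` returns NULL on a PCRE error and the `(string)` cast hides it; nothing on the line says so, and any other PCRE failure is blanked just as silently. I would put a comment above it, e.g. `// invalid UTF-8 makes preg_replace() return NULL, which the cast turns into ''; valid strings only lose characters outside CHARS`. Stripping also joins the text on either side of a removed character (`A\x01B` becomes `AB`), so the value the application receives is no longer the one an upstream filter or request log saw, while keys are still dropped and upload names further down are still blanked as a whole. That difference between values, keys and file names deserves a sentence in the documentation of createHttpRequest(), whose body starts and ends outside these hunks.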
31 changes: 4 additions & 27 deletions tests/Http/Request.invalidEncoding.phpt
@@ -13,7 +13,7 @@ require __DIR__ . '/../bootstrap.php';

// Setup environment
define('INVALID', "\xC4\x76\xC5\xBE");
define('CONTROL_CHARACTERS', "A\x01B\x80C");
define('CONTROL_CHARACTERS', "A\x01B\x02C");

$_SERVER['REQUEST_URI'] = '/?' . http_build_query(array(
'invalid' => INVALID,
@@ -61,27 +61,6 @@ $_FILES = array(
'error' => 0,
'size' => 209,
),
'file2' => array(
'name' => array(
2 => INVALID,
),

'type' => array(
2 => INVALID,
),

'tmp_name' => array(
2 => 'C:\\PHP\\temp\\php1D5C.tmp',
),

'error' => array(
2 => 0,
),

'size' => array(
2 => 3013,
),
),
);

test(function() { // unfiltered data
@@ -118,19 +97,19 @@ test(function() { // filtered data
$request = $factory->createHttpRequest();

Assert::same( '', $request->getQuery('invalid') );
Assert::same( '', $request->getQuery('control') );
Assert::same( 'ABC', $request->getQuery('control') );
Assert::null( $request->getQuery(INVALID) );
Assert::null( $request->getQuery(CONTROL_CHARACTERS) );
Assert::false( isset($request->query['array'][INVALID]) );

Assert::same( '', $request->getPost('invalid') );
Assert::same( '', $request->getPost('control') );
Assert::same( 'ABC', $request->getPost('control') );
Assert::null( $request->getPost(INVALID) );
Assert::null( $request->getPost(CONTROL_CHARACTERS) );
Assert::false( isset($request->post['array'][INVALID]) );

Assert::same( '', $request->getCookie('invalid') );
Assert::same( '', $request->getCookie('control') );
Assert::same( 'ABC', $request->getCookie('control') );
Assert::null( $request->getCookie(INVALID) );
Assert::null( $request->getCookie(CONTROL_CHARACTERS) );
Assert::false( isset($request->cookies['array'][INVALID]) );
@@ -139,6 +118,4 @@ test(function() { // filtered data
Assert::null( $request->getFile(CONTROL_CHARACTERS) );
Assert::type( 'Nette\Http\FileUpload', $request->files['file1'] );
Assert::same( '', $request->files['file1']->name );
Assert::type( 'Nette\Http\FileUpload', $request->files['file2'][2] );
Assert::same( '', $request->files['file2'][2]->name );
});
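Review bot: Deleting the `file2` fixture and its two assertions leaves the array-style upload case without an invalid-encoding check in this test, although the `foreach ($v['name'] as $k => $foo)` loop shown in the RequestFactory section is still in place; unless another test covers it, I would keep a multi-file entry here and go on asserting that its name comes back as `''`. The new `CONTROL_CHARACTERS` value also contains only C0 controls, while the character class in `CHARS` additionally excludes `\x7F` and U+0080–U+009F. A constructed sample such as `"A\x01B\xC2\x80C"` (U+0080 encoded as valid UTF-8) would pin that those are stripped to `'ABC'` too, rather than the whole value being dropped.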
